summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--system/libraries/Encrypt.php521
-rw-r--r--tests/codeigniter/libraries/Encrypt_test.php79
-rwxr-xr-xtests/mocks/database/ci_test.sqlitebin19456 -> 19456 bytes
-rw-r--r--tests/mocks/libraries/encrypt.php16
-rw-r--r--user_guide_src/source/changelog.rst15
-rw-r--r--user_guide_src/source/installation/upgrade_200.rst6
-rw-r--r--user_guide_src/source/installation/upgrade_220.rst13
-rw-r--r--user_guide_src/source/installation/upgrade_300.rst11
-rw-r--r--user_guide_src/source/installation/upgrade_320.rst1
-rw-r--r--user_guide_src/source/libraries/encrypt.rst198
-rw-r--r--user_guide_src/source/libraries/encryption.rst4
11 files changed, 24 insertions, 840 deletions
diff --git a/system/libraries/Encrypt.php b/system/libraries/Encrypt.php
deleted file mode 100644
index df1af4cf4..000000000
--- a/system/libraries/Encrypt.php
+++ /dev/null
@@ -1,521 +0,0 @@
-<?php
-/**
- * CodeIgniter
- *
- * An open source application development framework for PHP
- *
- * This content is released under the MIT License (MIT)
- *
- * Copyright (c) 2014 - 2019, British Columbia Institute of Technology
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- *
- * @package CodeIgniter
- * @author EllisLab Dev Team
- * @copyright Copyright (c) 2008 - 2014, EllisLab, Inc. (https://ellislab.com/)
- * @copyright Copyright (c) 2014 - 2019, British Columbia Institute of Technology (https://bcit.ca/)
- * @license https://opensource.org/licenses/MIT MIT License
- * @link https://codeigniter.com
- * @since Version 1.0.0
- * @filesource
- */
-defined('BASEPATH') OR exit('No direct script access allowed');
-
-/**
- * CodeIgniter Encryption Class
- *
- * Provides two-way keyed encoding using Mcrypt
- *
- * @package CodeIgniter
- * @subpackage Libraries
- * @category Libraries
- * @author EllisLab Dev Team
- * @link https://codeigniter.com/userguide3/libraries/encryption.html
- */
-class CI_Encrypt {
-
- /**
- * Reference to the user's encryption key
- *
- * @var string
- */
- public $encryption_key = '';
-
- /**
- * Type of hash operation
- *
- * @var string
- */
- protected $_hash_type = 'sha1';
-
- /**
- * Flag for the existence of mcrypt
- *
- * @var bool
- */
- protected $_mcrypt_exists = FALSE;
-
- /**
- * Current cipher to be used with mcrypt
- *
- * @var string
- */
- protected $_mcrypt_cipher;
-
- /**
- * Method for encrypting/decrypting data
- *
- * @var int
- */
- protected $_mcrypt_mode;
-
- /**
- * Initialize Encryption class
- *
- * @return void
- */
- public function __construct()
- {
- if (($this->_mcrypt_exists = function_exists('mcrypt_encrypt')) === FALSE)
- {
- show_error('The Encrypt library requires the Mcrypt extension.');
- }
-
- log_message('info', 'Encrypt Class Initialized');
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Fetch the encryption key
- *
- * Returns it as MD5 in order to have an exact-length 128 bit key.
- * Mcrypt is sensitive to keys that are not the correct length
- *
- * @param string
- * @return string
- */
- public function get_key($key = '')
- {
- if ($key === '')
- {
- if ($this->encryption_key !== '')
- {
- return $this->encryption_key;
- }
-
- $key = config_item('encryption_key');
-
- if ( ! self::strlen($key))
- {
- show_error('In order to use the encryption class requires that you set an encryption key in your config file.');
- }
- }
-
- return md5($key);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Set the encryption key
- *
- * @param string
- * @return CI_Encrypt
- */
- public function set_key($key = '')
- {
- $this->encryption_key = $key;
- return $this;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Encode
- *
- * Encodes the message string using bitwise XOR encoding.
- * The key is combined with a random hash, and then it
- * too gets converted using XOR. The whole thing is then run
- * through mcrypt using the randomized key. The end result
- * is a double-encrypted message string that is randomized
- * with each call to this function, even if the supplied
- * message and key are the same.
- *
- * @param string the string to encode
- * @param string the key
- * @return string
- */
- public function encode($string, $key = '')
- {
- return base64_encode($this->mcrypt_encode($string, $this->get_key($key)));
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Decode
- *
- * Reverses the above process
- *
- * @param string
- * @param string
- * @return string
- */
- public function decode($string, $key = '')
- {
- if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string) OR base64_encode(base64_decode($string)) !== $string)
- {
- return FALSE;
- }
-
- return $this->mcrypt_decode(base64_decode($string), $this->get_key($key));
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Encode from Legacy
- *
- * Takes an encoded string from the original Encryption class algorithms and
- * returns a newly encoded string using the improved method added in 2.0.0
- * This allows for backwards compatibility and a method to transition to the
- * new encryption algorithms.
- *
- * For more details, see https://codeigniter.com/userguide3/installation/upgrade_200.html#encryption
- *
- * @param string
- * @param int (mcrypt mode constant)
- * @param string
- * @return string
- */
- public function encode_from_legacy($string, $legacy_mode = MCRYPT_MODE_ECB, $key = '')
- {
- if (preg_match('/[^a-zA-Z0-9\/\+=]/', $string))
- {
- return FALSE;
- }
-
- // decode it first
- // set mode temporarily to what it was when string was encoded with the legacy
- // algorithm - typically MCRYPT_MODE_ECB
- $current_mode = $this->_get_mode();
- $this->set_mode($legacy_mode);
-
- $key = $this->get_key($key);
- $dec = base64_decode($string);
- if (($dec = $this->mcrypt_decode($dec, $key)) === FALSE)
- {
- $this->set_mode($current_mode);
- return FALSE;
- }
-
- $dec = $this->_xor_decode($dec, $key);
-
- // set the mcrypt mode back to what it should be, typically MCRYPT_MODE_CBC
- $this->set_mode($current_mode);
-
- // and re-encode
- return base64_encode($this->mcrypt_encode($dec, $key));
- }
-
- // --------------------------------------------------------------------
-
- /**
- * XOR Decode
- *
- * Takes an encoded string and key as input and generates the
- * plain-text original message
- *
- * @param string
- * @param string
- * @return string
- */
- protected function _xor_decode($string, $key)
- {
- $string = $this->_xor_merge($string, $key);
-
- $dec = '';
- for ($i = 0, $l = self::strlen($string); $i < $l; $i++)
- {
- $dec .= ($string[$i++] ^ $string[$i]);
- }
-
- return $dec;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * XOR key + string Combiner
- *
- * Takes a string and key as input and computes the difference using XOR
- *
- * @param string
- * @param string
- * @return string
- */
- protected function _xor_merge($string, $key)
- {
- $hash = $this->hash($key);
- $str = '';
-
- for ($i = 0, $ls = self::strlen($string), $lh = self::strlen($hash); $i < $ls; $i++)
- {
- $str .= $string[$i] ^ $hash[($i % $lh)];
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Encrypt using Mcrypt
- *
- * @param string
- * @param string
- * @return string
- */
- public function mcrypt_encode($data, $key)
- {
- $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
- $init_vect = mcrypt_create_iv($init_size, MCRYPT_DEV_URANDOM);
- return $this->_add_cipher_noise($init_vect.mcrypt_encrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), $key);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Decrypt using Mcrypt
- *
- * @param string
- * @param string
- * @return string
- */
- public function mcrypt_decode($data, $key)
- {
- $data = $this->_remove_cipher_noise($data, $key);
- $init_size = mcrypt_get_iv_size($this->_get_cipher(), $this->_get_mode());
-
- if ($init_size > self::strlen($data))
- {
- return FALSE;
- }
-
- $init_vect = self::substr($data, 0, $init_size);
- $data = self::substr($data, $init_size);
-
- return rtrim(mcrypt_decrypt($this->_get_cipher(), $key, $data, $this->_get_mode(), $init_vect), "\0");
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Adds permuted noise to the IV + encrypted data to protect
- * against Man-in-the-middle attacks on CBC mode ciphers
- * http://www.ciphersbyritter.com/GLOSSARY.HTM#IV
- *
- * @param string
- * @param string
- * @return string
- */
- protected function _add_cipher_noise($data, $key)
- {
- $key = $this->hash($key);
- $str = '';
-
- for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j)
- {
- if ($j >= $lk)
- {
- $j = 0;
- }
-
- $str .= chr((ord($data[$i]) + ord($key[$j])) % 256);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Removes permuted noise from the IV + encrypted data, reversing
- * _add_cipher_noise()
- *
- * Function description
- *
- * @param string $data
- * @param string $key
- * @return string
- */
- protected function _remove_cipher_noise($data, $key)
- {
- $key = $this->hash($key);
- $str = '';
-
- for ($i = 0, $j = 0, $ld = self::strlen($data), $lk = self::strlen($key); $i < $ld; ++$i, ++$j)
- {
- if ($j >= $lk)
- {
- $j = 0;
- }
-
- $temp = ord($data[$i]) - ord($key[$j]);
-
- if ($temp < 0)
- {
- $temp += 256;
- }
-
- $str .= chr($temp);
- }
-
- return $str;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Set the Mcrypt Cipher
- *
- * @param int
- * @return CI_Encrypt
- */
- public function set_cipher($cipher)
- {
- $this->_mcrypt_cipher = $cipher;
- return $this;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Set the Mcrypt Mode
- *
- * @param int
- * @return CI_Encrypt
- */
- public function set_mode($mode)
- {
- $this->_mcrypt_mode = $mode;
- return $this;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Get Mcrypt cipher Value
- *
- * @return int
- */
- protected function _get_cipher()
- {
- if ($this->_mcrypt_cipher === NULL)
- {
- return $this->_mcrypt_cipher = MCRYPT_RIJNDAEL_256;
- }
-
- return $this->_mcrypt_cipher;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Get Mcrypt Mode Value
- *
- * @return int
- */
- protected function _get_mode()
- {
- if ($this->_mcrypt_mode === NULL)
- {
- return $this->_mcrypt_mode = MCRYPT_MODE_CBC;
- }
-
- return $this->_mcrypt_mode;
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Set the Hash type
- *
- * @param string
- * @return void
- */
- public function set_hash($type = 'sha1')
- {
- $this->_hash_type = in_array($type, hash_algos()) ? $type : 'sha1';
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Hash encode a string
- *
- * @param string
- * @return string
- */
- public function hash($str)
- {
- return hash($this->_hash_type, $str);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Byte-safe strlen()
- *
- * @param string $str
- * @return int
- */
- protected static function strlen($str)
- {
- return defined('MB_OVERLOAD_STRING')
- ? mb_strlen($str, '8bit')
- : strlen($str);
- }
-
- // --------------------------------------------------------------------
-
- /**
- * Byte-safe substr()
- *
- * @param string $str
- * @param int $start
- * @param int $length
- * @return string
- */
- protected static function substr($str, $start, $length = NULL)
- {
- if (defined('MB_OVERLOAD_STRING'))
- {
- // mb_substr($str, $start, null, '8bit') returns an empty
- // string on PHP 5.3
- isset($length) OR $length = ($start >= 0 ? self::strlen($str) - $start : -$start);
- return mb_substr($str, $start, $length, '8bit');
- }
-
- return isset($length)
- ? substr($str, $start, $length)
- : substr($str, $start);
- }
-}
diff --git a/tests/codeigniter/libraries/Encrypt_test.php b/tests/codeigniter/libraries/Encrypt_test.php
deleted file mode 100644
index adbca31b2..000000000
--- a/tests/codeigniter/libraries/Encrypt_test.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-/**
- * @requires extension mcrypt
- */
-class Encrypt_test extends CI_TestCase {
-
- public function set_up()
- {
- if ( ! extension_loaded('mcrypt'))
- {
- return;
- }
- elseif (version_compare(PHP_VERSION, '7.1.0-alpha', '>='))
- {
- return $this->markTestSkipped('ext/mcrypt is deprecated since PHP 7.1 and will generate notices here.');
- }
-
- $this->encrypt = new Mock_Libraries_Encrypt();
- $this->ci_instance_var('encrypt', $this->encrypt);
-
- $this->ci_set_config('encryption_key', "Encryptin'glike@boss!");
- $this->msg = 'My secret message';
- }
-
- // --------------------------------------------------------------------
-
- public function test_encode()
- {
- $this->assertNotEquals($this->msg, $this->encrypt->encode($this->msg));
- }
-
- // --------------------------------------------------------------------
-
- public function test_decode()
- {
- $encoded_msg = $this->encrypt->encode($this->msg);
- $this->assertEquals($this->msg, $this->encrypt->decode($encoded_msg));
- }
-
- // --------------------------------------------------------------------
-
- public function test_optional_key()
- {
- $key = 'Ohai!ù0129°03182%HD1892P0';
- $encoded_msg = $this->encrypt->encode($this->msg, $key);
- $this->assertEquals($this->msg, $this->encrypt->decode($encoded_msg, $key));
- }
-
- // --------------------------------------------------------------------
-
- public function test_default_cipher()
- {
- $this->assertEquals('rijndael-256', $this->encrypt->get_cipher());
- }
-
- // --------------------------------------------------------------------
-
- public function test_set_cipher()
- {
- $this->encrypt->set_cipher(MCRYPT_BLOWFISH);
- $this->assertEquals('blowfish', $this->encrypt->get_cipher());
- }
-
- // --------------------------------------------------------------------
-
- public function test_default_mode()
- {
- $this->assertEquals('cbc', $this->encrypt->get_mode());
- }
-
- // --------------------------------------------------------------------
-
- public function test_set_mode()
- {
- $this->encrypt->set_mode(MCRYPT_MODE_CFB);
- $this->assertEquals('cfb', $this->encrypt->get_mode());
- }
-
-}
diff --git a/tests/mocks/database/ci_test.sqlite b/tests/mocks/database/ci_test.sqlite
index 84f09add2..502913725 100755
--- a/tests/mocks/database/ci_test.sqlite
+++ b/tests/mocks/database/ci_test.sqlite
Binary files differ
diff --git a/tests/mocks/libraries/encrypt.php b/tests/mocks/libraries/encrypt.php
deleted file mode 100644
index c14d1e02f..000000000
--- a/tests/mocks/libraries/encrypt.php
+++ /dev/null
@@ -1,16 +0,0 @@
-<?php
-
-class Mock_Libraries_Encrypt extends CI_Encrypt {
-
- // Override inaccessible protected method
- public function __call($method, $params)
- {
- if (is_callable(array($this, '_'.$method)))
- {
- return call_user_func_array(array($this, '_'.$method), $params);
- }
-
- throw new BadMethodCallException('Method '.$method.' was not found');
- }
-
-}
diff --git a/user_guide_src/source/changelog.rst b/user_guide_src/source/changelog.rst
index b9a9e2015..5d98e7554 100644
--- a/user_guide_src/source/changelog.rst
+++ b/user_guide_src/source/changelog.rst
@@ -37,6 +37,7 @@ Release Date: Not Released
- Libraries
+ - Removed previously deprecated *Encrypt Library*.
- Removed previously deprecated *Cart Library*.
- Removed previously deprecated *Javascript Library* (it was always experimental in the first place).
- Removed previously deprecated ``anchor_class`` option from :doc:`Pagination Library <libraries/pagination>`.
@@ -368,10 +369,10 @@ Release Date: Mar 20, 2017
- **Security**
- Fixed a header injection vulnerability in :doc:`common function <general/common_functions>` :php:func:`set_status_header()` under Apache (thanks to Guillermo Caminer from `Flowgate <https://flowgate.net/>`_).
- - Fixed byte-safety issues in :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) when ``mbstring.func_overload`` is enabled.
+ - Fixed byte-safety issues in **Encrypt Library** (DEPRECATED) when ``mbstring.func_overload`` is enabled.
- Fixed byte-safety issues in :doc:`Encryption Library <libraries/encryption>` when ``mbstring.func_overload`` is enabled.
- Fixed byte-safety issues in :doc:`compatibility functions <general/compatibility_functions>` ``password_hash()``, ``hash_pbkdf2()`` when ``mbstring.func_overload`` is enabled.
- - Updated :doc:`Encrypt Library <libraries/encrypt>` (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
+ - Updated **Encrypt Library** (DEPRECATED) to call ``mcrypt_create_iv()`` with ``MCRYPT_DEV_URANDOM``.
- General Changes
@@ -1079,9 +1080,9 @@ Release Date: March 30, 2015
- Libraries
- - Added a new :doc:`Encryption Library <libraries/encryption>` to replace the old, largely insecure :doc:`Encrypt Library <libraries/encrypt>`.
+ - Added a new :doc:`Encryption Library <libraries/encryption>` to replace the old, largely insecure **Encrypt Library**.
- - :doc:`Encrypt Library <libraries/encrypt>` changes include:
+ - **Encrypt Library** changes include:
- Deprecated the library in favor of the new :doc:`Encryption Library <libraries/encryption>`.
- Added support for hashing algorithms other than SHA1 and MD5.
@@ -1462,7 +1463,7 @@ Bug fixes for 3.0
- Fixed a bug (#1264) - :doc:`Database Forge <database/forge>` and :doc:`Database Utilities <database/utilities>` didn't update/reset the databases and tables list cache when a table or a database is created, dropped or renamed.
- Fixed a bug (#7) - :doc:`Query Builder <database/query_builder>` method ``join()`` only escaped one set of conditions.
- Fixed a bug (#1321) - ``CI_Exceptions`` couldn't find the *errors/* directory in some cases.
-- Fixed a bug (#1202) - :doc:`Encrypt Library <libraries/encrypt>` ``encode_from_legacy()`` didn't set back the encrypt mode on failure.
+- Fixed a bug (#1202) - **Encrypt Library** ``encode_from_legacy()`` didn't set back the encrypt mode on failure.
- Fixed a bug (#145) - :doc:`Database Class <database/index>` method ``compile_binds()`` failed when the bind marker was present in a literal string within the query.
- Fixed a bug in :doc:`Query Builder <database/query_builder>` method ``protect_identifiers()`` where if passed along with the field names, operators got escaped as well.
- Fixed a bug (#10) - :doc:`URI Library <libraries/uri>` internal method ``_detect_uri()`` failed with paths containing a colon.
@@ -1632,7 +1633,7 @@ Release Date: June 2, 2014
- General Changes
- - Security: :doc:`Encrypt Library <libraries/encrypt>` method ``xor_encode()`` has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
+ - Security: **Encrypt Library** method ``xor_encode()`` has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.
- Security: The :doc:`Session Library <libraries/sessions>` now uses HMAC authentication instead of a simple MD5 checksum.
Bug fixes for 2.2.0
@@ -2241,7 +2242,7 @@ Hg Tag: v2.0.0
- Documented append_output() in the :doc:`Output
Class <libraries/output>`.
- Documented a second argument in the decode() function for the
- :doc:`Encrypt Class <libraries/encrypt>`.
+ **Encrypt Class**.
- Documented db->close().
- Updated the router to support a default route with any number of
segments.
diff --git a/user_guide_src/source/installation/upgrade_200.rst b/user_guide_src/source/installation/upgrade_200.rst
index 03b8ff4ac..96256b13a 100644
--- a/user_guide_src/source/installation/upgrade_200.rst
+++ b/user_guide_src/source/installation/upgrade_200.rst
@@ -64,9 +64,7 @@ string using the improved methods. This will enable you to easily
replace stale encrypted data with fresh in your applications, either on
the fly or en masse.
-Please read :doc:`how to use this
-method <../libraries/encrypt>` in the Encrypt library
-documentation.
+Please read how to use this in the Encrypt library documentation.
Step 5: Remove loading calls for the compatibility helper.
==========================================================
@@ -145,4 +143,4 @@ The following files have been changed:
The following files have been added:
- foreign_chars.php
-- profiler.php \ No newline at end of file
+- profiler.php
diff --git a/user_guide_src/source/installation/upgrade_220.rst b/user_guide_src/source/installation/upgrade_220.rst
index 489dd6312..c87148ca1 100644
--- a/user_guide_src/source/installation/upgrade_220.rst
+++ b/user_guide_src/source/installation/upgrade_220.rst
@@ -2,12 +2,11 @@
Upgrading from 2.1.4 to 2.2.x
#############################
-.. note:: The :doc:`Encrypt Class </libraries/encrypt>` now requires the
- Mcrypt extension. If you were previously using the Encrypt Class
- without Mcrypt, then this is a breaking change. You must install
- the Mcrypt extension in order to upgrade. For information on
- installing Mcrypt please see the PHP `documentation
- <https://secure.php.net/manual/en/mcrypt.setup.php>`.
+.. note:: The **Encrypt Class** now requires the Mcrypt extension. If you
+ were previously using the Encrypt Class without Mcrypt, then this
+ is a breaking change. You must install the Mcrypt extension in
+ order to upgrade. For information on installing Mcrypt please see
+ the PHP `documentation <https://secure.php.net/manual/en/mcrypt.setup.php>`.
Before performing an update you should take your site offline by
replacing the index.php file with a static one.
@@ -18,4 +17,4 @@ Step 1: Update your CodeIgniter files
Replace all files and directories in your "system" folder.
.. note:: If you have any custom developed files in these folders please
- make copies of them first. \ No newline at end of file
+ make copies of them first.
diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst
index 188144844..03a7b579c 100644
--- a/user_guide_src/source/installation/upgrade_300.rst
+++ b/user_guide_src/source/installation/upgrade_300.rst
@@ -520,7 +520,7 @@ The SHA1 library
The previously deprecated SHA1 library has been removed, alter your code to use PHP's native
``sha1()`` function to generate a SHA1 hash.
-Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed.
+Additionally, the ``sha1()`` method in the **Encrypt Library** has been removed.
The EXT constant
================
@@ -541,17 +541,16 @@ Also, the previously deprecated ``js_insert_smiley()`` (since version 1.7.2) is
The Encrypt library
===================
-Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has
-been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take
-its place.
+Following numerous vulnerability reports, the **Encrypt Library** has been deprecated and a
+new, :doc:`Encryption Library <../libraries/encryption>` is added to take its place.
The new library requires either the `MCrypt extension <https://secure.php.net/mcrypt>`_ (and /dev/urandom
availability) or PHP 5.3.3 and the `OpenSSL extension <https://secure.php.net/openssl>`_.
While this might be rather inconvenient, it is a requirement that allows us to have properly
implemented cryptographic functions.
-.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose
- of keeping backwards compatibility.
+.. note:: The **Encrypt Library** is still available for the purpose of keeping
+ backwards compatibility.
.. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library
<../libraries/encryption>` as soon as possible!
diff --git a/user_guide_src/source/installation/upgrade_320.rst b/user_guide_src/source/installation/upgrade_320.rst
index 368871d7d..c70ff707c 100644
--- a/user_guide_src/source/installation/upgrade_320.rst
+++ b/user_guide_src/source/installation/upgrade_320.rst
@@ -222,6 +222,7 @@ CodeIgniter versions that have been removed in 3.2.0:
- ``read_file()`` :doc:`File Helper <../helpers/file_helper>` function (use ``file_get_contents()`` instead)
- ``form_prep()`` :doc:`Form Helper <../helpers/form_helper>` function (use :php:func:`html_escape()` instead)
+- The entire *Encrypt Library* (the newer :doc:`Encryption Library <../libraries/encryption>` is still available)
- The entire *Cart Library* (an archived version is available on GitHub: `bcit-ci/ci3-cart-library <https://github.com/bcit-ci/ci3-cart-library>`_)
- The entire *Javascript Library* (it was always experimental in the first place)
diff --git a/user_guide_src/source/libraries/encrypt.rst b/user_guide_src/source/libraries/encrypt.rst
deleted file mode 100644
index 10893b901..000000000
--- a/user_guide_src/source/libraries/encrypt.rst
+++ /dev/null
@@ -1,198 +0,0 @@
-#############
-Encrypt Class
-#############
-
-The Encrypt Class provides two-way data encryption. It encrypted using
-the Mcrypt PHP extension, which is required for the Encrypt Class to run.
-
-.. important:: This library has been DEPRECATED and is only kept for
- backwards compatibility. Please use the new :doc:`Encryption Library
- <encryption>`.
-
-.. contents::
- :local:
-
-.. raw:: html
-
- <div class="custom-index container"></div>
-
-*************************
-Using the Encrypt Library
-*************************
-
-Setting your Key
-================
-
-A *key* is a piece of information that controls the cryptographic
-process and permits an encrypted string to be decoded. In fact, the key
-you chose will provide the **only** means to decode data that was
-encrypted with that key, so not only must you choose the key carefully,
-you must never change it if you intend use it for persistent data.
-
-It goes without saying that you should guard your key carefully. Should
-someone gain access to your key, the data will be easily decoded. If
-your server is not totally under your control it's impossible to ensure
-key security so you may want to think carefully before using it for
-anything that requires high security, like storing credit card numbers.
-
-To take maximum advantage of the encryption algorithm, your key should
-be 32 characters in length (256 bits). The key should be as random a
-string as you can concoct, with numbers and uppercase and lowercase
-letters. Your key should **not** be a simple text string. In order to be
-cryptographically secure it needs to be as random as possible.
-
-Your key can be either stored in your **application/config/config.php**, or
-you can design your own storage mechanism and pass the key dynamically
-when encoding/decoding.
-
-To save your key to your **application/config/config.php**, open the file
-and set::
-
- $config['encryption_key'] = "YOUR KEY";
-
-Message Length
-==============
-
-It's important for you to know that the encoded messages the encryption
-function generates will be approximately 2.6 times longer than the
-original message. For example, if you encrypt the string "my super
-secret data", which is 21 characters in length, you'll end up with an
-encoded string that is roughly 55 characters (we say "roughly" because
-the encoded string length increments in 64 bit clusters, so it's not
-exactly linear). Keep this information in mind when selecting your data
-storage mechanism. Cookies, for example, can only hold 4K of
-information.
-
-Initializing the Class
-======================
-
-Like most other classes in CodeIgniter, the Encrypt class is
-initialized in your controller using the ``$this->load->library()``
-method::
-
- $this->load->library('encrypt');
-
-Once loaded, the Encrypt library object will be available using::
-
- $this->encrypt
-
-***************
-Class Reference
-***************
-
-.. php:class:: CI_Encrypt
-
- .. php:method:: encode($string[, $key = ''])
-
- :param string $string: Data to encrypt
- :param string $key: Encryption key
- :returns: Encrypted string
- :rtype: string
-
- Performs the data encryption and returns it as a string. Example::
-
- $msg = 'My secret message';
-
- $encrypted_string = $this->encrypt->encode($msg);
-
- You can optionally pass your encryption key via the second parameter if
- you don't want to use the one in your config file::
-
- $msg = 'My secret message';
- $key = 'super-secret-key';
-
- $encrypted_string = $this->encrypt->encode($msg, $key);
-
- .. php:method:: decode($string[, $key = ''])
-
- :param string $string: String to decrypt
- :param string $key: Encryption key
- :returns: Plain-text string
- :rtype: string
-
- Decrypts an encoded string. Example::
-
- $encrypted_string = 'APANtByIGI1BpVXZTJgcsAG8GZl8pdwwa84';
-
- $plaintext_string = $this->encrypt->decode($encrypted_string);
-
- You can optionally pass your encryption key via the second parameter if
- you don't want to use the one in your config file::
-
- $msg = 'My secret message';
- $key = 'super-secret-key';
-
- $encrypted_string = $this->encrypt->decode($msg, $key);
-
- .. php:method:: set_cipher($cipher)
-
- :param int $cipher: Valid PHP MCrypt cypher constant
- :returns: CI_Encrypt instance (method chaining)
- :rtype: CI_Encrypt
-
- Permits you to set an Mcrypt cipher. By default it uses
- ``MCRYPT_RIJNDAEL_256``. Example::
-
- $this->encrypt->set_cipher(MCRYPT_BLOWFISH);
-
- Please visit php.net for a list of `available ciphers <https://secure.php.net/mcrypt>`_.
-
- If you'd like to manually test whether your server supports MCrypt you
- can use::
-
- echo extension_loaded('mcrypt') ? 'Yup' : 'Nope';
-
- .. php:method:: set_mode($mode)
-
- :param int $mode: Valid PHP MCrypt mode constant
- :returns: CI_Encrypt instance (method chaining)
- :rtype: CI_Encrypt
-
- Permits you to set an Mcrypt mode. By default it uses **MCRYPT_MODE_CBC**.
- Example::
-
- $this->encrypt->set_mode(MCRYPT_MODE_CFB);
-
- Please visit php.net for a list of `available modes <https://secure.php.net/mcrypt>`_.
-
- .. php:method:: encode_from_legacy($string[, $legacy_mode = MCRYPT_MODE_ECB[, $key = '']])
-
- :param string $string: String to encrypt
- :param int $legacy_mode: Valid PHP MCrypt cipher constant
- :param string $key: Encryption key
- :returns: Newly encrypted string
- :rtype: string
-
- Enables you to re-encode data that was originally encrypted with
- CodeIgniter 1.x to be compatible with the Encrypt library in
- CodeIgniter 2.x. It is only necessary to use this method if you have
- encrypted data stored permanently such as in a file or database and are
- on a server that supports Mcrypt. "Light" use encryption such as
- encrypted session data or transitory encrypted flashdata require no
- intervention on your part. However, existing encrypted Sessions will be
- destroyed since data encrypted prior to 2.x will not be decoded.
-
- .. important::
- **Why only a method to re-encode the data instead of maintaining legacy
- methods for both encoding and decoding?** The algorithms in the
- Encrypt library have improved in CodeIgniter 2.x both for performance
- and security, and we do not wish to encourage continued use of the older
- methods. You can of course extend the Encryption library if you wish and
- replace the new methods with the old and retain seamless compatibility
- with CodeIgniter 1.x encrypted data, but this a decision that a
- developer should make cautiously and deliberately, if at all.
-
- ::
-
- $new_data = $this->encrypt->encode_from_legacy($old_encrypted_string);
-
- ====================== =============== =======================================================================
- Parameter Default Description
- ====================== =============== =======================================================================
- **$orig_data** n/a The original encrypted data from CodeIgniter 1.x's Encryption library
- **$legacy_mode** MCRYPT_MODE_ECB The Mcrypt mode that was used to generate the original encrypted data.
- CodeIgniter 1.x's default was MCRYPT_MODE_ECB, and it will assume that
- to be the case unless overridden by this parameter.
- **$key** n/a The encryption key. This it typically specified in your config file as
- outlined above.
- ====================== =============== ======================================================================= \ No newline at end of file
diff --git a/user_guide_src/source/libraries/encryption.rst b/user_guide_src/source/libraries/encryption.rst
index 833a56c09..643818aa4 100644
--- a/user_guide_src/source/libraries/encryption.rst
+++ b/user_guide_src/source/libraries/encryption.rst
@@ -280,8 +280,8 @@ Configuring the library
=======================
For usability, performance, but also historical reasons tied to our old
-:doc:`Encrypt Class <encrypt>`, the Encryption library is designed to
-use repeatedly the same driver, encryption cipher, mode and key.
+**Encrypt Class**, the Encryption library is designed to use repeatedly
+the same driver, encryption cipher, mode and key.
As noted in the "Default behavior" section above, this means using an
auto-detected driver (OpenSSL has a higher priority), the AES-128 ciper